InfoSec News

If you're lucky enough to be on a Hollywood set, chances are you'll see more than a few people carrying iPads--and most will be big-shot executives. It should come as no surprise that the iPad has caught on in the entertainment industry given the iPad's billing as a great media-consumption device.
 
Broadcom's deal to buy communications processor vendor NetLogic Microsystems for $3.7 billion will help the company feed the fast-growing demand for intelligent chips in all kinds of networks.
 
If you read much about tech, you've undoubtedly been told by some snarky writer that if you're not headed for the cloud, you're hopelessly unhip, behind the times, and probably overweight. You know -- the cloud, that repository of all things digital contained on giant servers owned by someone else out there in cyberspace.
 
ScadaTEC ModbusTagServer and ScadaPhone Remote Buffer Overflow Vulnerability
 
A new survey shows that Americans are increasingly transfixed with social networking sites, with Facebook grabbing more of our time than any other blog or social media.
 
Intel plans to show Microsoft's upcoming Windows 8 on tablets based on new Atom processors, and on ultrabooks, at both the Intel Developer Forum and Microsoft's BUILD conference this week, according to a source familiar with Intel's plans.
 
Linux Kernel '/proc//' Permissions Handling Local Security Bypass Vulnerability
 
Whether you just upgraded your Android smartphone to another device, your organization is finally replacing that old Android with something newer and shinier or you've decided to trade devices with a friend, it's a very smart idea to wipe any and all sensitive information from your smartphone before passing it off, not just to ensure that your personal data remains private, but to also make sure your device runs like new for its next owner.
 
The widespread adoption of HTML5 for Web apps could cut Apple's operation profit growth by 30 percent, with Microsoft, Google and carriers benefiting, Bernstein Research predicted.
 
One of the great things about the Internet and Web-based tools is that they make the world a smaller place and enable virtual teams to work together remotely. Recent acquisitions and new tools from Mindjet are making cloud-based collaboration even easier and more productive.
 
A company that supplies vending machines and games to entertainment venues has disclosed a data breach affecting about 40,000 people who visited waterpark resorts in Wisconsin and Tennessee between December 2008 and May 2011.
 
MantisBT Multiple Local File Include and Cross Site Scripting Vulnerabilities
 
Microsoft will webcast the opening keynote at its developers conference tomorrow when its top Windows executive is expected to reveal more information about Windows 8.
 
Early next year, IBM plans to begin using its supercomputer, Watson, in a pilot program to assist oncologists and other healthcare providers in diagnosing and treating patients.
 
Technology services and consulting company Accenture has agreed to pay $63.7 million to resolve whistleblower allegations that it participated in a large-scale kickbacks scheme involving U.S. government contracts.
 
HTC is considering buying WebOS from Hewlett-Packard or acquiring another mobile operating system, according to a report based on comments made by HTC Chairwoman Cher Wang.
 
Hewlett-Packard is expanding its Enterprise Security Solutions portfolio to help businesses deal with persistent security threats from cloud computing and social media.
 
[SECURITY] [DSA 2308-1] mantis security update
 
ESA-2011-018: Domain administration privilege enforcement bypass in EMC Avamar
 
More people in the U.S. will access the Internet via mobile devices than through desktop computers or other wired devices by 2015, IDC predicted on Monday.
 
The U.S. Federal Trade Commission (FTC) last week said it had reached agreements with developers of two smartphone apps who were charged with making false claims that their software could cure acne.
 
Intel and challenger ARM are set for a PC showdown this week as competition heats up to redefine the laptop and reverse the sagging fortunes of the PC market.
 
HP Linux Imaging and Printing Insecure Temporary File Creation Vulnerability
 
Multiple XSS vulnerabilities in CMS Papoo Light Version
 
[NTMS 2012] Call for Papers, Istanbul- Turkey, 7 - 10 May 2012
 
[Announcement] ClubHack Magazine - Call for Articles
 
AT&T will offer the Acer Iconia Tab A501 for $329.99 on Sept. 18, with a two-year data plan.
 
Amazon's coming tablet could feature an annual library subscription model that would let readers access older books, according to a report in the Wall Street Journal.
 
The CEO of Comodo, a certificate-issuing company hacked in March, is even more certain now that a wave of attacks against similar firms is backed by the Iranian government.
 
librsvg SVG Images Remote Denial of Service Vulnerability
 
OpenSSL Internal Certificate Verification Routine Security Bypass Vulnerability
 
With the release of the Morto worm last month [1], more attention is being paid to malware scanning for RDP. Today, we had a reader report a possible new version of the Win32/Morto RDP brute forcing worm. The worm was not detected by Anti-Virus, and does not appear to use c:\Windows\temp\scvhosts.exe like Morto did. The network traffic appears to be similar to Morto in that it makes many connections from the same source port to the RDP port 3389/tcp. So far, the user was not able to identify the process opening the connections.
Please let us know if you find similar scans and if you are able to identify the process/malware causing it.
[1] http://isc.sans.edu/diary.html?storyid=11470
------

Johannes B. Ullrich, Ph.D.

SANS Technology Institute

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
AT&T will introduce three new Windows Phone 7.5 'Mango' phones this fall while updating its existing four Windows Phone 7 smartphones with the new mobile operating system.
 
[SECURITY] [DSA 2304-1] squid3 security update
 
The European Union’s General Affairs Council on Monday approved plans to establish a pan-European agency to manage its large-scale IT systems.
 
The cloud is falling! The cloud is falling! No, seriously. It keeps falling. If it's not Google Docs or Gmail, it's Microsoft's Office 365, Hotmail, and SkyDrive. The issues encountered over the past week or so--and the sporadic-but-too-frequent-to-ignore outages before that--raise serious questions about just how dependable cloud-based services really are.
 
[SECURITY] [DSA 2307-1] chromium-browser security update
 
[SECURITY] [DSA 2306-1] ffmpeg security update
 
[SECURITY] [DSA 2303-2] New linux-2.6 packages fix regression
 
Broadcom has agreed to acquire communications processor company NetLogic Microsystems for $3.7 billion, the companies announced Monday.
 
KnFTPd FTP Server Multiple Commands Remote Buffer Overflow Vulnerabilities
 
FFmpeg Vorbis Decoder 'vorbis_dec.c' Multiple Buffer Overflow Vulnerabilities
 
A lot of technology companies are in the midst of hiring sprees -- in some cases looking for hundreds of new workers. Execs explain what skills they need, and where they are looking for top talent.
 
Despite its high price tag, solid-state storage technology is increasingly becoming a viable option for large and midsize companies looking to ease bottlenecks caused by high-transaction databases, virtualized systems and other I/O-intensive applications.
 
The operating system remains a cash cow, but it's not a high-growth business.
 
We all want every collaborative effort to be an ideal experience, but we get disasters much more often. Here are some of the obstacles we must overcome.
 
The price of DDR3 memory chips used in laptops, desktops and servers is expected to drop over the next two months because of a slowing PC market.
 
When brewing company MillerCoors realized it was struggling to retain female salespeople, the company turned to social tools to turn that trend around.
 
Experts say that the very characteristics that make smartphones easy to use also make them easy for hackers to exploit.
 
Sprint last week filed suit against AT&T in an attempt to block that company's $39 billion acquisition of T-Mobile USA, a cause that looks good on paper but is at odds with consumer demand for improved mobile experiences.
 
A year later, we take a look at the progress made by 2010's 25 New IT Companies to Watch.
 
Stock your organization with these seven IT miracle workers, but beware the dark side of their superpowers run amok
 
Quassel Core CTCP Remote Denial of Service Vulnerability
 
Linux Kernel Comedi Driver Local Information Disclosure Vulnerability
 
Gibbs got cut off from parts of Google and it made him worry ...
 
Yes, the story of Apple's police-aided, ham-handed hunt for a second lost iPhone prototype has received a fair amount of attention. However, the Keystone Kops-like caper deserves a lot more, and probably would have gotten it right off the bat were it not for two facts: The story reached critical mass over the Labor Day weekend and more than a few journalists were at first convinced that it had to be a hoax or a marketing stunt, because, well, how in the name of Woz could this have happened twice ... to Apple?
 
Internet Storm Center Infocon Status